Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

Help - DNSCrypt Breaking Websites

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
kingping1
Posts: 8
Joined: Wed Apr 11, 2018 7:27 am

Help - DNSCrypt Breaking Websites

Post by kingping1 » Wed Apr 11, 2018 7:46 am

I can use all the features in v3 widget of cryptostorm BUT when I put the cryptostorm DNSCrypt and turn it on, none of the sites work, I can't even use google or anything. Please help me set this up, as I don't know much about what DNS to use or anything for Ipv4, so what should I do, as i'm a noob. I want to be able to use it with DNScrypt without breaking any sites.

Also I can't seem to use cryptovpn with my organization's internet/wifi as it seems to be blocked, so anyone know a way around this?

Thanks.

User avatar

parityboy
Site Admin
Posts: 1214
Joined: Wed Feb 05, 2014 3:47 am

Re: Help - DNSCrypt Breaking Websites

Post by parityboy » Wed Apr 11, 2018 4:48 pm

@OP

Re: DNScrypt widget issues, look here. On your second point, does the widget have the option to use TCP instead of UDP?


Topic Author
kingping1
Posts: 8
Joined: Wed Apr 11, 2018 7:27 am

Re: Help - DNSCrypt Breaking Websites

Post by kingping1 » Wed Apr 11, 2018 6:01 pm

actually I just used DNSCrypt with TCP and it worked so thanks a lot man! :D

Also, quick question, What is the point of DNSCrypt and when should we use it vs not using it?

User avatar

parityboy
Site Admin
Posts: 1214
Joined: Wed Feb 05, 2014 3:47 am

Re: Help - DNSCrypt Breaking Websites

Post by parityboy » Wed Apr 11, 2018 10:23 pm

@OP

The standard DNS protocol is completely unencrypted and unauthenticated. That means that it can be both intercepted and redirected to a completely different DNS server than the one you think you are using, so not only can your DNS traffic be captured and perused in-flight, all of your DNS requests to 8.8.8.8 (Google DNS) could be silently redirected to an NSA or CIA DNS server cluster and you would have no way of knowing.

DNSCrypt solves both of these issues by a) encrypting the DNS request before it is transmitted from your computer and b) cryptographically verifying that the DNS server you are talking to is the one you intended to talk to.

Of course that doesn't solve the issue of the DNS server operator logging every request you make to the DNS server (it's their server, so of course they can log your requests), but that's an entirely separate issue. :)

There's no reason to not use it, tbh.

Post Reply